CSIRS Transport Security September 2011 V 3.6


  1. Cyber Security in Real-Time Systems
     Transport Security Event – Olympia
     “Advanced Persistent and Insider Threats”
     David Spinks – Chairman CSIRS, September 2011
     CSIRS: Cyber Security in Real-Time Systems
  2. Introduction
  3. CSIRS: Cyber Security in Real-Time Systems
     LinkedIn CSIRS: http://www.linkedin.com/groupRegistration?gid=3623430
  4. Why me?
  5. 1970/75 – World's First Large Scale Automation
  6. 1990 - 2000
     • Railtrack Safety Critical Software
     • Sizewell B Software Emergency Shut Down code validation
     • UK Government assessment of Embedded Software Aviation
  7. Current Business Environments & Drivers
  8. Smart Grid
     • Emerging Changing Threat Profile
     • Cost Reduction by Private Utilities
     • Integration Real Time (SCADA) <> Commercial IT
     • Real Time based on Windows
     • Use of wireless to effect remote management
     • Real Time designed by “engineers”
  9. Threats: Current Trends
  10. Stuxnet Changed Everything
     • Expertise
     • Focused
     • Gather Intelligence
     • Social Engineering
     • The first advanced persistent threat (APT)
  11. Why is APT different?
     • Multiple entry points across supplier chain
     • Focus on social engineering and use of insiders.
     • Gathering of intelligence across a range of suppliers.
     • Attack has a complex event sequence across multiple technologies.
     • Malware is sophisticated and likely developed and proved on test beds.
  12. Do not place designs of Nuclear Plant in the public domain!
     • http://www.prleap.com/pr/167858/
     • eXtremeDB Embedded In-Memory Database Adds Safety and Efficiency In Nuclear Waste Processing Control System
  13. So have there been any other APTs since Stuxnet?
     • Many successful security attacks have been designated as APT by the company that has been breached.
     • Closest to this model is the RSA breach: entry via EMC and staff being exposed to phishing attacks, lack of RSA CSO ......
     • Farthest away is repeated breaches suffered by Sony ....
     • Many organisations have a history of under-investment in Information Security ....
  14. Insider Threats
  15. What is an insider threat?
     • A breach or part of an attack executed from within the existing trust domain(s) by an individual who has some kind of existing authentication.
     • The breach event may be deliberate or accidental. The individual may be a current or past employee, contractor, customer, partner or supplier.
     • The individual will have a “motive” which may or may not be logical.
     • Many insider threats will be trivial actions that form an intelligence gathering exercise.
  16. Why is an insider threat so dangerous?
     • Immediate compromise of traditional security perimeter!
     • Traditional baseline security measures are ineffective.
     • Traditional concepts of “trust” are invalid - many frauds and thefts are executed with the assistance of employees and executives! No-one is immune to potential compromise.
     • Pilot studies using DLP software and tools show a staggeringly high number of deliberate security breaches executed by a high % of all staff. Ignorance of policy ... Finding ways around the rules. Stupidity!
  17. Possible defence and detection
     • Security training and awareness
     • Communication and implementation of penalties.
     • Concept of “you will be caught” and example will be made.
     • Security culture
     • Evaluation of suppliers and partners (supply chain!)
     • Use of DLP and log analysis
     • Good HR policies and procedures monitoring behaviours
  18. What actions do we need to consider?
  19. Possible Cyber Security Solution
     • Understanding
     • Design Solution
     • Implement
     • Manage & Improve
     • Implementation of baseline security: ISO 27001, CobiT 4.1/5.0
     • Implementation of APT detection and response
  20. Implementation of baseline security examples
     • Robust Identity Management solutions, RBAC
     • Basic log collection, analysis and reporting
     • Intrusion detection and prevention
     • Penetration testing of external facing firewalls
     • Security training and awareness (defending social engineering and phishing)
     • Encryption of critical and sensitive data
     • Mandatory, no exceptions, executive led
     • Will not detect or mitigate APT
  21. Advanced security measures:
     • PKI/digital signatures and key management
     • Data loss prevention, proactive and reactive.
     • Integrated approach to log analysis (applications and IdM), real-time alerts to SOC
     • Applications and web hosting code analysis
     • Governance, Risk and Compliance in real-time
     • Security incident and near miss reporting.
     • Mandatory, no exceptions, executive led.
  22. Conclusions:
     • APTs are very difficult to detect and, once detected, to defend against.
     • Expenditure on security processes and tools needs to be increased.
     • Security should be implemented top down with executive sponsorship.
     • All employees are part of the defence; silver bullets will not work.
  23. Thank you. Q&A
     • david.spinks@hp.com
     • dspinks41@gmail.com
